TP-Link has issued a security advisory addressing a high-severity vulnerability (CVE-2025-8627) affecting its KP303 Smart Plug, warning that attackers could exploit the flaw to remotely issue unauthenticated commands that may cause the device to power off unexpectedly and potentially leak sensitive information.
According to the advisory, “the TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information leak.”
The vulnerability has been assigned a CVSS v4.0 score of 8.7 (High). Exploitation could allow malicious actors to disrupt smart home or office environments by remotely switching off the device or harvesting information transmitted through it.
As TP-Link explains, “the unauthenticated protocol commands may be executed on the device,” meaning attackers do not need valid credentials to trigger the flaw.
The vulnerability impacts:
- Product: TP-Link KP303 V2.0 (US)
- Affected Version: Firmware < 1.1.0
- Fixed Version: Firmware ≥ 1.1.0
TP-Link confirmed that users running firmware older than version 1.1.0 are exposed to the issue. The company has already released updated firmware to remediate the flaw.
TP-Link strongly urges all customers to update immediately. The advisory states: “We strongly recommended that users with the affected device(s) take the following action(s): Update to the latest firmware to fix the vulnerabilities.”
Updating ensures that devices receive the patched firmware (≥ 1.1.0), closing the door on potential exploitation.
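To check a device inventory against the affected range above, the following added example (not from TP-Link or the advisory) classifies each device by model, hardware version and firmware. The CSV layout, the device names and the firmware strings are constructed for illustration, and the `x.y.z Build ...` firmware format is an assumption.

```python
import csv
import io
import re

# Values taken from the advisory text above.
AFFECTED_MODEL = "KP303(US)"
AFFECTED_HW = "2.0"
FIXED_VERSION = (1, 1, 0)

# Constructed sample inventory (hypothetical export format, not a TP-Link format).
SAMPLE_INVENTORY = """name,model,hw_ver,fw_ver
lab-strip-1,KP303(US),2.0,1.0.6 Build 210601 Rel.101010
office-strip,KP303 (US),2.0,1.1.0 Build 250101 Rel.090909
den-strip,KP303(US),1.0,1.0.3 Build 200101 Rel.111111
porch-plug,KP115(US),1.0,1.0.17 Build 210506 Rel.075231
garage-strip,KP303(US),2.0,unknown
"""

def parse_fw(fw):
    """Return the leading x.y.z of a firmware string as an int tuple, or None."""
    m = re.match(r"\s*(\d+)\.(\d+)\.(\d+)", fw)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(row):
    """Classify one inventory row against the advisory's affected range."""
    model = row["model"].upper().replace(" ", "")
    if model != AFFECTED_MODEL or row["hw_ver"].strip() != AFFECTED_HW:
        return "not-in-scope"
    ver = parse_fw(row["fw_ver"])
    if ver is None:
        # In-scope hardware with unreadable firmware: needs a manual check.
        return "unknown"
    # Tuple comparison avoids string-ordering mistakes such as "1.10.0" < "1.9.0".
    return "vulnerable" if ver < FIXED_VERSION else "patched"

def audit(inventory_csv):
    """Map device name -> status for every row in the CSV text."""
    reader = csv.DictReader(io.StringIO(inventory_csv))
    return {row["name"]: classify(row) for row in reader}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_INVENTORY).items():
        print(f"{name:14} {status}")
```

Devices reported as `unknown` are in-scope hardware whose firmware string could not be parsed; treat them as unpatched until confirmed.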